Improper Enforcement of Message Integrity During Transmission in a Communication Channel
Incomplete Base
Structure: Simple
Description
The product establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was not modified during transmission.
Attackers might be able to modify the message and spoof the endpoint by interfering with the data as it crosses the network or by redirecting the connection to a system under their control.
Common Consequences 1
Scope: IntegrityConfidentiality
Impact: Gain Privileges or Assume Identity
If an attackers can spoof the endpoint, the attacker gains all the privileges that were intended for the original endpoint.
Applicable Platforms
Languages:
Not Language-Specific : Undetermined
Modes of Introduction
Architecture and Design
Related Weaknesses
Notes
MaintenanceThis entry should be made more comprehensive in later CWE versions, as it is likely an important design flaw that underlies (or chains to) other weaknesses.